From fba94b205b2c0fc8d65588192c305dd687326f88 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Wed, 15 Jul 2015 07:55:52 +1000 Subject: [PATCH] add CVE-2015-5477 --- README | 3 +++ doc/arm/notes.xml | 20 +++++++++++++++----- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/README b/README index 7a695d6e6d..c1f9210a97 100644 --- a/README +++ b/README @@ -56,6 +56,9 @@ BIND 9.10.3 - Dig now supports sending of arbitary EDNS options by specifying them on the command line. + This release addresses the security flaws described in + CVE-2015-4620 and CVE-2015-5477. + BIND 9.10.2 BIND 9.10.2 is a maintenance release and addresses bugs diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index 9213746d12..65fa63daad 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -38,16 +38,26 @@ Security Fixes + + + A specially crafted query could trigger an assertion failure + in message.c. + + + This flaw was discovered by Jonathan Foote, and is disclosed + in CVE-2015-5477. [RT #39795] + + On servers configured to perform DNSSEC validation, an assertion failure could be triggered on answers from a specially configured server. - + This flaw was discovered by Breno Silveira Soares, and is disclosed in CVE-2015-4620. [RT #39795] - + @@ -70,7 +80,7 @@ them in the build. - + limits the number of simultaneous queries that can be sent to any single @@ -81,7 +91,7 @@ option. - + limits the number of simultaneous queries that can be sent for names within a @@ -188,7 +198,7 @@ Several bugs have been fixed in the RPZ implementation: - + Policy zones that did not specifically require recursion could be treated as if they did; consequently, setting
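Review bot: In the doc/arm/notes.xml hunk at @@ -38,16 +38,26 @@, the new CVE-2015-5477 entry ends with "[RT #39795]", which is the same ticket number the existing CVE-2015-4620 entry below it already carries; that reads like a copy-paste carryover from the neighbouring entry, so please confirm the RT ticket for the new issue and correct it if it differs. The entry itself only says "A specially crafted query could trigger an assertion failure in message.c"; a release note for a security fix should also tell operators what the failure means in practice (whether named exits) and which versions are affected, since that is what they use to judge upgrade urgency. The remaining "- +" pair at the end of the hunk appears to change only whitespace.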
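Review bot: The hunks at @@ -70,7 +80,7 @@, @@ -81,7 +91,7 @@ and @@ -188,7 +198,7 @@ in doc/arm/notes.xml each consist of a single "- +" pair with no visible content difference, so they appear to be whitespace-only edits to unrelated sections (the query-limit options and the RPZ notes). They have nothing to do with the CVE this commit is titled for; splitting them into a separate cleanup commit keeps the security fix minimal and makes it easier to audit and to backport.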